Image processing and storage functions are rapidly being integrated into the cloud. Image uploading or photo-sharing is pervasive today, and ever expanding. Well-known sites such as Facebook®, Twitter®, Google Picasa®, Photobucket®, Flickr®, and the like, store billions of photos. With the explosive growth in image storage, privacy concerns have started to surface, with users concerned about the abuse of their personal data and photos, potentially from the sites themselves or from other unknown users.
Publicly available photos on service provider websites can be used to identify strangers in shopping malls, university campuses, or on public streets, for example, simply by performing facial recognition and matching the photos to names or other identifying information available on the websites of the service providers. There are increasingly more incidents of hackers comprising the databases of photo-sharing websites. The hacker or other bad actor may manipulate the content of the original image for nefarious reasons. Still other users can download or otherwise hack the photos, save them to external media, or upload them to other websites, with the original owner losing any measure of effective access control, thereby allowing anyone who comes into contact with the copies to have access to the original content.
FIG. 1 illustrates a conventional system in which hackers or others can gain access to photos. User application 105, which may be operated by a person 110, and can include a computer 115, a smart phone 120, a personal digital assistant (PDA) 125, or a camera 130, and so forth, may upload images 135 to cloud service 140. The user application 105 or other authorized person may later browse for the images at 165. However, a hacker 150, which may include a person 155 or a computer 160, or other unauthorized persons, and so forth, may gain access to the images 135 by accessing the cloud service 140 at 145.
Sometimes users scan sensitive documents into photos and stored them in photo-sharing sites, not understanding the ramifications of easy access by others. In other cases, users might want to only share certain photos with close family members or friends, or otherwise do not want the service provider to have access to the photo content. Conventional encryption technologies are ineffective because photo-sharing websites usually perform post-processing on the uploaded images, such as resizing, filtering, cropping, and so forth. Such post-processing operations change the values of the encrypted contents, and the subsequent decrypted contents will be completely garbled rather than revert to the original image content.
Another compounding factor is that the image compression algorithms commonly used today, such as Joint Photographic Experts Group (JPEG) images, have lossy compression algorithms including floating-point arithmetic errors and quantization loss, which are incompatible with standard encryption algorithms. Conventional xor approaches to encryption and keystreams break when the file contents are modified externally. Although full homomorphic encryption is more resilient to such operations, it is impractical today because encrypting just one bit can require megabytes of keys and hours of computation time for encryption and decryption of the photos.
It would be desirable to effectively and correctly decrypt an encrypted image stored and then retrieved from a photo-sharing website or other similar cloud service, particularly after post-processing operations are performed by the cloud service.